Royal Orthopaedic Hospital Partners with Rapid7 to Address Cybersecurity Threats

About Royal Orthopaedic Hospital

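Since 1877, The Royal Orthopaedic Hospital in Birmingham, England has been at the forefront of orthopedic care, pioneering new surgical techniques and advancing the treatment of people with bone and joint disorders. It is now one of the largest specialist orthopaedic centres in Europe, serving patients from the U.K., Europe and around the world. The hospital is located on a single campus, with two on-site data centers and 250 virtual servers.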


In a hospital environment, the stakes are high and there is no room for error. Ray Mian, IT Security Manager, and Ajmal Khan, IT Security Officer, are responsible for managing cybersecurity within the Hospital’s IT department, ensuring that they have the right tools, controls, and procedures to protect a critical network that runs around the clock, seven days a week.

Cyber Threats are More Than Potential Loss of Data. They Also Can Be Matters of Life and Death

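Rapid7 appealed to us because it is easy to deploy, which is key for us as a small security team. The products are deployed in the cloud and have all the elements we were looking for in terms of automation, ease of deployment and capabilities.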
Ray Mian, IT Security Manager

Challenge

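“We are a standalone orthopaedic hospital with a 20-person IT department,” says Mian. “Our mission is to protect patients and medical records as well as the IT infrastructure, and to protect the organization from ransomware attacks. In our environment, there are some systems which cannot go down. If there is any kind of threat in the environment, we need to know; if we don’t know, the result can be drastic.”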

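One of the big challenges Khan and Mian faced was a lack of visibility into the environment. “We weren’t able to identify our assets,” Mian says. “We didn’t have the tools to give us the visibility, discovery and analysis we needed to assess the state of security within the organization. That was the key weakness.”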

Solution 

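The Royal Orthopaedic Hospital implemented the Rapid7 InsightVM, InsightIDR and InsightConnect solutions. “Rapid7 appealed to us because it is easy to deploy, which is key for us as a small security team. The products are deployed in the cloud and have all the elements we were looking for in terms of automation, ease of deployment and capabilities,” explains Mian. “Over the past few months, we have successfully matured the products to get to where we are today. So, they do fit nicely with our operations.”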

Real-time Visibility

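Khan is a security veteran with more than 20 years of experience with a variety of solutions, including SIEM, so he knew what was needed for the hospital’s security. A key factor was real-time visibility into the environment. “We need to scan everything in the environment and see what we have,” says Khan. “Often, what we expect to have and what we actually have when we scan are two different things.” Khan’s focus also extends to tools that can help them investigate and automate the remediation process.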

The Royal Orthopaedic Hospital is deploying Rapid7 Insight Agents on all end-user devices. “If a device goes anywhere out of our environment, we still retain visibility into what is happening on any particular machine,” states Khan.

Richer, More Meaningful Insights 

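“With InsightVM, we can scan all the subnets in our infrastructure and are able to prioritize what matters most in terms of patching and remediation,” explains Khan. “InsightVM provides richer information about the risk and priority of patching or remediating vulnerabilities. So, we are more confident that we are putting our efforts in the right place to reduce our threat landscape.”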

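“InsightVM helps us keep control of the vulnerabilities in our environment through dynamic and up-to-date reporting. It helps us meet various compliance and regulatory requirements, such as the UK’s DSPT, Cyber Essentials PLUS, and GDPR.”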

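Khan points to another benefit of InsightVM that makes his job easier. “One thing I particularly like about Rapid7 is that we can define goals and create a realistic time frame to work through and track progress. I don’t think many solutions offer that kind of flexibility.”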

Visibility Across the Environment

Khan and Mian integrated InsightIDR with approximately 10 systems as event sources, including web application and firewalls, DNS, LDAP, DHCP, Active Directory, Cisco Identity Services Engine for profiling, DMZ assets, and end-user devices. “We wanted InsightIDR to give us visibility across the entire environment,” explains Khan. “It provides the log aggregation and user behavior analysis, we can see various kinds of new assets that are discovered, and any new user that has logged onto the environment.”

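“InsightIDR provides threat intelligence. We also get a feed about any systems that are inactive in our environment, and we look at ingress and egress traffic patterns to spot any anomalies. Rapid7 honeypots also help identify whether anyone is probing the network, which adds another layer of security.”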

Realistic Alerts 

“InsightIDR alerts us in real time to anything happening in our environment, which is very useful for detecting suspicious user or device behavior. Visibility is the key in any modern IT environment, Rapid7 provided us the much-needed visibility of our environment.”

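Equally important to Khan is knowing that the alerts they receive are real and not false positives. “I am happy to say that the alerts from Rapid7 are quite realistic. I am not bombarded with false positives, so I can focus on what matters for the security of the Trust.”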

Scaling Operations with Automation

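Mian and Khan are also using InsightConnect, Rapid7’s Security Orchestration Automation and Response (SOAR) solution, to automate incident response. They are looking to the InsightConnect Extension Library, which offers hundreds of plugins and pre-built workflows that they can customize to streamline the process of security automation.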

Meeting the Critical Security Requirements of Healthcare Providers

Both Khan and Mian feel that Rapid7 has helped them achieve their main security goals. “We needed that real-time view of our environment, what is happening, in order to stay ahead of the curve, in order to be proactive, because if we’re not, it can actually cause loss of human life, because it’s a hospital environment. Rapid7 helped us achieve our goals of visibility, staying on top of the threat landscape and meeting our operational security goals.”

“Rapid7 has a brilliant set of products, to be honest, and they are especially well suited for the healthcare sector,” concludes Khan.

Six products, one platform, no compromises. The Insight Platform is your single-pane-of-glass security solution.